playing with cluster is open source [ although AGPL-3 licensed ] object storage software providing s3-compatible interface and handling clustering for HA & data distribution. below – notes from setting it up on a tiny scale, without using Kubernetes. notes are based on RELEASE.2023-03-24T21-41-23Z i’ve fetched two binaries for the project: my cluster has 4 nodes, looks ... Read More

mental models and alike

temporarily speeding up IO performance for KVM VM

i have few VMs running on top of spinning rust. recently i’ve upgraded one of them to not-yet-stable debian bookworm. upgrade would be pretty slow but.. i’ve edited the VM definition and asked KVM to allow host server to cache any IO operations. speedup was great, bullseye->bookworm upgrade finished in less than 5 minutes. for ... Read More

using hardware tokens to secure SSH, MS365 logins

i’ve done a bit of research, below – my understanding of the current state of affairs [ 2023-03 ]. i’m writing this while testing YubiKey 5 NFC, but consider different alternatives. SSH why: i’m considering an attack vector where malicious actor has remote control of my PC – can lift up arbitrary files [ including ... Read More

re-parenting a shell command

let’s say you’ve logged in via ssh to some server and started some long running command. minutes or hours later you’ve realized that you did not run it under screen or tmux – so that command will die once your ssh connection is closed. today i’ve learned about reptyr which can help with that – ... Read More

squid-based forward proxy that accepts incoming tls-encrypted connections

we needed to do some interoperability testing, and for that we had to allow http client application to talk with http proxy via secure channel. on debian 11 i had to install package squid-openssl and add this line in /etc/squid/squid.conf: the ssl cert was generated by certbot certonly. that’s how i tested it:

MySQL / MariaDB login audit

once in a while i need to review which database accounts are used, from what IPs connections arrive. MySQL / MariaDB does not have built-in mechanism [ unless you want to allow full query log ], but there’s quite easy way to get the data.

online tools to test your mail infrastructure

once in a while i’m involed in moving mail servers around, to and from the could. those tools are useful each time it’s done: also related – a deep dive into e-mail delivery in 2024.

rsync with more efficient compression, hash algorithm

rsync 3.2.0 and newer supports more compression and hash algorithms. zstd compression is well suited for slower network connections [ tens mbit/s ], lz4 – for faster. xxh3 hash is worth using regardless of the network speed. syntax:

nrpe’s check_http – POSTing a file

i needed to monitor some service available via HTTP, this service is expecting to get a file posted – as if it was submitted via HTML form. so the file’s content is in the POST body, wrapped in Content-Type: multipart/form-data and stored between boundaries. Is it possible to simulate via check_http? yes!

Best Practical’s RT – recovering specific tickets from backups

I needed to recover a particular, old and already shredded, RT ticket from a backup to web interface. I’ve restored the database to a separate server and run those commands to get INSERT statements for two tickets i was interested in – 69187, 100112: To be on the safe side – always recover to a ... Read More

mysqldump headaches

over the years i’ve set up multiple backup workflows. one of them is described here. part of the cycles involves taking database backups. for MySQL i’m mostly using mysqldump. it comes with some headaches: it’s single-threaded by nature – both for backup, and restore [ unless you chop the dump file into pieces and try ... Read More

WordPress’ Gutenberg editor failing to save anything

i’ve run into an odd situation – wordpress was working just fine yet the new / Gutenberg editor did not save anything. No errors, but also no content saved – the only thing that was left was ‘Auto Draft’ with an empty content. i’ve tracked it down to fact that .htaccess was not actually used ... Read More

public domain image searchers mobile – 100GB for a month for 5pln seems to have never ending promotion where you get 100GB of data traffic for a month when you buy a new starter and activate bonus package. here’s what i do to activate it [ every 30 days ]: buy play-as-you-go sim card e.g. in Zabka convenience store – Play odNowa for 5PLN, register the ... Read More

.net core under linux throws “The remote certificate is invalid because of errors in the certificate chain: NotTimeValid” when communicating with HTTPS server having letsencrypt cert

i’ve stumbled on an issue – simple .net core code using HttpWebRequest failed to communicate with any server that had lets encrypt cert. no matter if the server used new or old certificate chain – i was getting: at the same time curl or wget could communicate with the same site without issues. i’ve tried ... Read More